Description
The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents.
Remediation
References
Related Vulnerabilities
MySQL CVE-2018-2668 Vulnerability (CVE-2018-2668)
MySQL CVE-2021-35575 Vulnerability (CVE-2021-35575)
WordPress Plugin WP Symposium Open Redirect (13.04)
Joomla! Core Multiple Cross-Site Scripting Vulnerabilities (1.5.0 - 3.8.7)
WordPress Plugin WP-Lister Lite for Amazon Directory Traversal (0.9.6.35)